diff options
Diffstat (limited to 'src')
| -rw-r--r-- | src/afl-fuzz-init.c | 12 | ||||
| -rw-r--r-- | src/afl-fuzz-mutators.c | 39 | ||||
| -rw-r--r-- | src/afl-fuzz-python.c | 20 | ||||
| -rw-r--r-- | src/afl-fuzz-queue.c | 20 |
4 files changed, 67 insertions, 24 deletions
diff --git a/src/afl-fuzz-init.c b/src/afl-fuzz-init.c index 5e4f1585..faa45a4e 100644 --- a/src/afl-fuzz-init.c +++ b/src/afl-fuzz-init.c @@ -881,11 +881,7 @@ void perform_dry_run(afl_state_t *afl) { u32 read_len = MIN(q->len, (u32)MAX_FILE); use_mem = afl_realloc(AFL_BUF_PARAM(in), read_len); - if (read(fd, use_mem, read_len) != (ssize_t)read_len) { - - FATAL("Short read from '%s'", q->fname); - - } + ck_read(fd, use_mem, read_len, q->fname); close(fd); @@ -1350,6 +1346,12 @@ void pivot_inputs(afl_state_t *afl) { if (q->passed_det) { mark_as_det_done(afl, q); } + if (afl->custom_mutators_count) { + + run_afl_custom_queue_new_entry(afl, q, q->fname, NULL); + + } + ++id; } diff --git a/src/afl-fuzz-mutators.c b/src/afl-fuzz-mutators.c index 79a47744..5332b9fe 100644 --- a/src/afl-fuzz-mutators.c +++ b/src/afl-fuzz-mutators.c @@ -31,6 +31,45 @@ struct custom_mutator *load_custom_mutator(afl_state_t *, const char *); struct custom_mutator *load_custom_mutator_py(afl_state_t *, char *); #endif +void run_afl_custom_queue_new_entry(afl_state_t *afl, struct queue_entry *q, + u8 *fname, u8 *mother_fname) { + + if (afl->custom_mutators_count) { + + u8 updated = 0; + + LIST_FOREACH(&afl->custom_mutator_list, struct custom_mutator, { + + if (el->afl_custom_queue_new_entry) { + + if (el->afl_custom_queue_new_entry(el->data, fname, mother_fname)) { + + updated = 1; + + } + + } + + }); + + if (updated) { + + struct stat st; + if (stat(fname, &st)) { PFATAL("File %s is gone!", fname); } + if (!st.st_size) { + + FATAL("File %s became empty in custom mutator!", fname); + + } + + q->len = st.st_size; + + } + + } + +} + void setup_custom_mutators(afl_state_t *afl) { /* Try mutator library first */ diff --git a/src/afl-fuzz-python.c b/src/afl-fuzz-python.c index 3aa97635..bb4eabcc 100644 --- a/src/afl-fuzz-python.c +++ b/src/afl-fuzz-python.c @@ -813,8 +813,8 @@ u8 queue_get_py(void *py_mutator, const u8 *filename) { } -void queue_new_entry_py(void *py_mutator, const u8 *filename_new_queue, - const u8 *filename_orig_queue) { +u8 queue_new_entry_py(void *py_mutator, const u8 *filename_new_queue, + const u8 *filename_orig_queue) { PyObject *py_args, *py_value; @@ -861,7 +861,21 @@ void queue_new_entry_py(void *py_mutator, const u8 *filename_new_queue, py_args); Py_DECREF(py_args); - if (py_value == NULL) { + if (py_value != NULL) { + + int ret = PyObject_IsTrue(py_value); + Py_DECREF(py_value); + + if (ret == -1) { + + PyErr_Print(); + FATAL("Failed to convert return value"); + + } + + return (u8)ret & 0xFF; + + } else { PyErr_Print(); FATAL("Call failed"); diff --git a/src/afl-fuzz-queue.c b/src/afl-fuzz-queue.c index b759532c..16af2c6b 100644 --- a/src/afl-fuzz-queue.c +++ b/src/afl-fuzz-queue.c @@ -474,24 +474,12 @@ void add_to_queue(afl_state_t *afl, u8 *fname, u32 len, u8 passed_det) { if (afl->custom_mutators_count) { - LIST_FOREACH(&afl->custom_mutator_list, struct custom_mutator, { + /* At the initialization stage, queue_cur is NULL */ + if (afl->queue_cur && !afl->syncing_party) { - if (el->afl_custom_queue_new_entry) { + run_afl_custom_queue_new_entry(afl, q, fname, afl->queue_cur->fname); - u8 *fname_orig = NULL; - - /* At the initialization stage, queue_cur is NULL */ - if (afl->queue_cur && !afl->syncing_party) { - - fname_orig = afl->queue_cur->fname; - - } - - el->afl_custom_queue_new_entry(el->data, fname, fname_orig); - - } - - }); + } } |